Go Back   Wireless and Wifi Forums > Wireless Networks (Wifi) > Wireless Networking Discussion
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 04-15-2008, 02:49 AM
Junior Member
Join Date: Apr 2008
Posts: 1
Default Security of using same username/password for all users in WPA/WPA2-Enterprise

I have a question about using the same username/password for all users in a WPA/WPA2-Enterprise setup. I have this question because the Hong Kong government has launched a city-wide Wi-fi initiative which provides two security levels: one is no encryption at all and the other is to use a pre-set username/password with WPA/WPA2-Enterprise (not Personal). Details are at GovWiFi: Usage Guide.

I think this is very insecure and data can be decrypted if I can sniff all packets from the time a user joins the AP, because I can get the Pairewise Master Key and all other keys by decrypting the packets by using the pre-defined username/password.

Does this usage of WPA/WPA-2 Enterprise effectively degrades to WPA/WPA-2 Personal? As I know their difference is the lack of authentication in the latter, while the encryption (TKIP or CCMP) are the same, so by using just one credential for all users means there's one and only one preshared key.
Reply With Quote

« European Wifi...any different than US Wifi?? | What does dBi mean? »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Gain the best from existing resources to improve data security Andy Lotus comp.security.misc 0 02-04-2007 07:00 AM
Security Vulnerability in ... Security Alert comp.security.misc 0 01-26-2007 11:40 AM
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 07-31-2005 05:25 AM
SSRT5954 rev.5 - HP-UX TCP/IP Remote Denial of Service (DoS) Security Alert comp.security.misc 0 07-25-2005 07:13 PM
SSRT5954 rev.4 - HP-UX TCP/IP Remote Denial of Service (DoS) Security Alert comp.security.misc 0 07-12-2005 12:27 PM

All times are GMT. The time now is 05:54 PM.

Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2